Probabilistic transition system specifications (PTSSs) in the ntμfν/ntμxν format provide structural
operational semantics for Segala-type systems that exhibit both probabilistic and nondeterministic
behavior and guarantee that bisimilarity is a congruence. Similar to the nondeterministic case of the
rule format tyft/tyxt, we show that the well-foundedness requirement is unnecessary in the probabilistic
setting. To achieve this, we first define a generalized version of the ntμfν/ntμxν format in which
quantitative premises and conclusions include nested convex combinations of distributions. Also this
format guarantees that bisimilarity is a congruence. Then, for a given (possibly non-well-founded)
PTSS in the new format, we construct an equivalent well-founded PTSS consisting of only rules of
the simpler (well-founded) probabilistic ntree format. Furthermore, we develop a proof-theoretic notion
for these PTSSs that coincides with the existing stratification-based meaning in case the PTSS
is stratifiable. This continues the line of research lifting structural operational semantic results from
the nondeterministic setting to systems with both probabilistic and nondeterministic behavior.



1 Introduction 

Plotkin's structural operational semantics [19] is a popular method to provide a rigorous interpretation to
specification and programming languages. The interpretation is given in terms of transition systems. The
method has been formalized with an algebraic flavor as transition systems specifications (TSS) [5, 6, 13, 14,
etc.]. Basically, a TSS contains a signature, a set of labels, and a set of rules. The signature defines the
terms in the language. Labels represent actions performed by a process (i.e., a term over the signature) in
one step of the execution (i.e., one transition). Rules define how a process should behave (i.e., produce a
transition) in terms of the behavior of its subprocesses. That is, rules define compositionally the transition
system associated to each term of the language. This technique has been widely studied mainly on the
realm of languages and process algebras describing only non-deterministic behavior (see [18] for an
overview).

The introduction of probabilistic process algebras [1, 12, etc.] motivated the need for a theory of
structural operational semantics to define probabilistic transition systems. A few results have appeared
in this direction, notably [2, 3, 7, 15, 16]. All these works introduced rule formats that ensure that
bisimulation equivalence is a congruence for operators whose semantics is defined within such a format.
The most general of those formats is the ntμfν/ntμxν format [7] that provides semantics in terms of
Segala's probabilistic automata [20].

The ntμfν/ntμxν format is the probabilistic relative of the ntyft/ntyxt format [13], extending it in two
ways. First, it is designed to deal with probabilistic transitions of the form $t \xrightarrow{a} \pi$, where $t$ is a term in
the appropriate signature, and $\pi$ is a distribution on terms. Second, it includes quantitative premises that
allow for probabilistic testing of the form $\pi(\{t_1, \ldots, t_n\}) > q$, that is, it allows verifying whether the probability
that the system moves to one state (i.e. term) in $\{t_1, \ldots, t_n\}$ according to $\pi$ is greater than $q \in [0,1]$.
The congruence theorem for the ntμfν/ntμxν format [7, Thm. 12] states that if a probabilistic transition
system specification (PTSS) $P$ has all its rules in ntμfν/ntμxν format, then bisimulation equivalence is a
congruence for all operators in $P$. Unfortunately, [7] missed an important condition: rules have to be
well-founded (basically, there should not be a cyclic dependency on the terms appearing in the premises
of the rule). This paper will correct this mistake.

The well-foundedness condition has also appeared from the very beginning in the non-deterministic
setting. Most of the formats have it implicit as they did not allow lookahead. Congruence theorems
for formats with lookahead such as tyft/tyxt [14] or ntyft/ntyxt [13] explicitly demanded TSSs to be
well-founded. It remained unknown for a while whether such a condition was actually required until Fokkink
and van Glabbeek proved it unnecessary [9]. The proof proceeds by reducing a TSS in tyft/tyxt format (not
necessarily well-founded) to an equivalent TSS containing only so-called tree rules (i.e., well-founded
rules in tyft format with premises containing only variables instead of arbitrary open terms). Similarly,
they showed that a TSS in ntyft/ntyxt format can be translated into an equivalent TSS containing only
ntree rules (tree rules with negative premises which are not necessarily restricted to single variables).

In this paper, we also show that the restriction to well-founded PTSSs is not necessary to guarantee
congruence. We also proceed by reducing a PTSS in ntμfν/ntμxν format to an equivalent PTSS containing
only pntree rules. However, a pntree rule cannot simply be defined as an ntμfν rule where positive
premises are restricted to the form $x \xrightarrow{a} \mu$, with $x$ and $\mu$ being term and distribution variables, respectively.
It turns out that quantitative premises in ntμfν/ntμxν rules are too limited. The ntμfν/ntμxν format only
allows for quantitative premises of the form $\mu(Y) \trianglerighteq q$ with $\mu$ being a distribution variable, $Y$ an infinite
set of term variables, $\trianglerighteq \in \{>, \geq\}$, and $q \in [0,1]$. Instead, the pntree format requires premises of the form
$\theta(Y) \trianglerighteq q$ where $\theta$ is a nested convex combination of products of distribution variables. We call these
objects distribution terms. So, we extend the ntμfν/ntμxν format to deal with distribution terms, and
prove, more generally, that a PTSS in the new format, called ntμfθ/ntμxθ, can be translated into an
equivalent PTSS with only pntree rules (hence, well-founded). Just like for the case of the ntyft/ntyxt
format, full negative premises are required, i.e., negative premises in pntree rules cannot be limited to
the form $x \stackrel{a}{\nrightarrow}$, with $x$ being a term variable.

Summarizing, the following results are introduced in this paper:

• We define the ntμfθ/ntμxθ format, which extends the ntμfν/ntμxν format to deal with distribution
terms in quantitative premises.

• We prove that if a PTSS is in ntμfθ/ntμxθ format and it is well-founded, then bisimulation equivalence
is a congruence for all its operators. This also corrects the mistake in the proof of Theorem 12
in [7], which omitted to consider the well-foundedness hypothesis.

• We show that for every PTSS in ntμfθ/ntμxθ format (not necessarily well-founded) there is a PTSS
with only pntree rules that defines exactly the same probabilistic transition relation (by "defines"
we mean "has as a supported model").

• We drop the well-foundedness hypothesis from the congruence theorem: since every pntree
rule is also a well-founded ntμfθ rule, the previous results imply that bisimulation equivalence is a
congruence for all operators of a (not necessarily well-founded) PTSS in ntμfθ/ntμxθ format.

• Besides, in the process, we also redefine important concepts for PTSS originally defined for TSS,
in particular, the concept of "well-supported proof".

2 Preliminaries 

We assume the presence of an infinite set of (term) variables $\mathcal{V}$ and we let $x, y, z, x', x_0, x_1, \ldots$ range over
$\mathcal{V}$. A signature is a structure $\Sigma = (F, r)$, where (i) $F$ is a set of function names disjoint with $\mathcal{V}$, and
(ii) $r : F \to \mathbb{N}_0$ is a rank function which gives the arity of a function name; if $f \in F$ and $r(f) = 0$ then
$f$ is called a constant name. Let $W \subseteq \mathcal{V}$ be a set of variables. The set of $\Sigma$-terms over $W$, notation
$T(\Sigma, W)$, is the least set satisfying: (i) $W \subseteq T(\Sigma, W)$, and (ii) if $f \in F$ and $t_1, \ldots, t_{r(f)} \in T(\Sigma, W)$, then
$f(t_1, \ldots, t_{r(f)}) \in T(\Sigma, W)$. $T(\Sigma, \emptyset)$ is abbreviated as $T(\Sigma)$; the elements of $T(\Sigma)$ are called closed terms.
$T(\Sigma, \mathcal{V})$ is abbreviated as $\mathbb{T}(\Sigma)$; the elements of $\mathbb{T}(\Sigma)$ are called open terms. $Var(t) \subseteq \mathcal{V}$ is the set of
variables in the open term $t$.

In order to deal with languages that describe probabilistic behavior we need expressions denoting
probability distributions. Let $\Delta(T(\Sigma))$ denote the set of all (discrete) probability distributions on $T(\Sigma)$. We
let $\pi, \pi', \pi_0, \pi_1, \ldots$ range over $\Delta(T(\Sigma))$. As usual, for $\pi \in \Delta(T(\Sigma))$ and $T \subseteq T(\Sigma)$, we define $\pi(T) = \sum_{t \in T} \pi(t)$.
For $t \in T(\Sigma)$, let $\delta_t$ denote the Dirac distribution, i.e., $\delta_t(t) = 1$ and $\delta_t(t') = 0$ if $t \neq t'$. Moreover, the product
measure $\prod_{i=1}^{n} \pi_i$ is defined by $(\prod_{i=1}^{n} \pi_i)(t_1, \ldots, t_n) = \prod_{i=1}^{n} \pi_i(t_i)$; in particular, if $n = 0$, $(\prod_{j \in \emptyset} \pi_j) = \delta_{()}$
is the distribution that assigns probability 1 to the empty tuple. Let $g : T(\Sigma)^n \to T(\Sigma)$ and recall that
$g^{-1}(t') = \{\vec{t} \in T(\Sigma)^n \mid g(\vec{t}) = t'\}$. Then $(\prod_{i=1}^{n} \pi_i) \circ g^{-1}$ is a well defined probability distribution on closed
terms. In particular, if $g : T(\Sigma)^0 \to T(\Sigma)$ and $g(()) = t$, then $(\prod_{j \in \emptyset} \pi_j) \circ g^{-1} = \delta_{()} \circ g^{-1} = \delta_t$.

For a term $t \in \mathbb{T}(\Sigma)$ we let $\delta_t$ be an instantiable Dirac distribution. That is, $\delta_t$ is a symbol that takes
value $\delta_{t'}$ when variables in $t$ are substituted so that $t$ becomes a closed term $t' \in T(\Sigma)$. Let $\mathcal{D} = \{\delta_t : t \in
\mathbb{T}(\Sigma)\}$ be the set of instantiable Dirac distributions. A distribution variable is a variable that takes values
on $\Delta(T(\Sigma))$. Let $\mathcal{M}$ be an infinite set of distribution variables. Let $\mu, \mu', \mu_0, \mu_1, \ldots$ range over $\mathcal{M}$ and
$\zeta, \zeta', \ldots$ range over $\mathcal{M} \cup \mathcal{V}$. Let $D \subseteq \mathcal{M}$ be a set of distribution variables and $V \subseteq \mathcal{V}$ be a set of term
variables. The set of distribution terms over $D$ and $V$, notation $DT(\Sigma, D, V)$, is the least set satisfying:
(i) $D \cup \{\delta_t : t \in T(\Sigma, V)\} \subseteq DT(\Sigma, D, V)$, and (ii) $\sum_{i \in I} p_i (\prod_{n_i \in N_i} \theta_{n_i}) \circ g_i^{-1} \in DT(\Sigma, D, V)$ where $p_i \in (0, 1]$
with $\sum_{i \in I} p_i = 1$, each $g_i$ is a function s.t. $g_i : T(\Sigma)^{N_i} \to T(\Sigma)$, and $\theta_{n_i} \in DT(\Sigma, D, V)$. Intuitively, $g_i^{-1}(t)$
decomposes term $t$ into its sub-terms $t_1, \ldots, t_{N_i}$ and probability $\theta(t)$ of term $t$ is calculated as the convex
combination of the product probability of its sub-terms $\theta_1(t_1), \ldots, \theta_{N_i}(t_{N_i})$. $DT(\Sigma, \emptyset, \emptyset)$ is abbreviated as
$DT(\Sigma)$; the elements of $DT(\Sigma)$ are actual distributions on terms. $DT(\Sigma, \mathcal{M}, \mathcal{V})$ is abbreviated as $\mathbb{DT}(\Sigma)$.
$Var(\theta) \subseteq \mathcal{M} \cup \mathcal{V}$ is the set of (distribution and term) variables appearing in $\theta$.

A substitution is a mapping that assigns terms to variables. In our case we need to extend this
notion to distribution terms and instantiable Dirac distributions. A substitution $\rho$ is a mapping in
$(\mathcal{V} \cup \mathcal{M}) \to (\mathbb{T}(\Sigma) \cup \mathbb{DT}(\Sigma))$ such that $\rho(x) \in \mathbb{T}(\Sigma)$ whenever $x \in \mathcal{V}$, and $\rho(\mu) \in \mathbb{DT}(\Sigma)$ whenever $\mu \in \mathcal{M}$. A
substitution $\rho$ extends to open terms and sets of terms as usual, to instantiable Dirac distributions by
$\rho(\delta_t) = \delta_{\rho(t)}$ and to distribution terms by
$\rho(\sum_{i \in I} p_i (\prod_{n_i \in N_i} \theta_{n_i}) \circ g_i^{-1}) = \sum_{i \in I} p_i (\prod_{n_i \in N_i} \rho(\theta_{n_i})) \circ g_i^{-1}$. Notice
that the construction of distribution terms ensures that closed substitution instances of distribution terms
indeed denote probability distributions.

3 Probabilistic Transition System Specifications 

A (probabilistic) transition relation describes the behavior of a process by prescribing the possible actions
it can perform at each state. Each action is described with a label on the relation and the evolution to
the next state is given by a probability distribution on terms. We will follow the probabilistic automata
style of [20], which generalizes the so-called reactive model [17]. Let $\Sigma$ be a signature and $A$ be a set of
labels. A transition relation is a set $\to \subseteq PTr(\Sigma, A)$, where $PTr(\Sigma, A) = T(\Sigma) \times A \times \Delta(T(\Sigma))$. We denote
$(t, a, \pi) \in \to$ by $t \xrightarrow{a} \pi$.

Transition relations are usually defined by means of structured operational semantics in Plotkin's
style [19]. We follow the approach of [6, 13, 14], which provides an algebraic characterization for
transition system specifications.

Definition 1. A probabilistic transition system specification (PTSS) is a triple $P = (\Sigma, A, R)$ where $\Sigma =
(F, r)$ is a signature, $A$ is a set of labels, and $R$ is a set of rules of the form:

$$\frac{\{t_k \xrightarrow{a_k} \mu_k : k \in K\} \cup \{t_l \stackrel{b_l}{\nrightarrow} : l \in L\} \cup \{\theta_j(W_j) \bowtie_j q_j : j \in J\}}{t \xrightarrow{a} \theta}$$

where $K, L, J$ are index sets, $t, t_k, t_l \in \mathbb{T}(\Sigma)$, $a, a_k, b_l \in A$, $\mu_k \in \mathcal{M}$, $W_j \subseteq \mathcal{V}$, $\bowtie_j \in \{>, \geq, <, \leq\}$, $q_j \in [0, 1]$ and
$\theta_j, \theta \in \mathbb{DT}(\Sigma)$.

An expression of the form $t \xrightarrow{a} \theta$ (resp. $t \stackrel{a}{\nrightarrow}$, $\theta(W) \bowtie p$) is a positive literal (resp. negative literal,
quantitative literal) where $t \in \mathbb{T}(\Sigma)$, $a \in A$, $\theta \in \mathbb{DT}(\Sigma)$, $W \subseteq \mathcal{V} \cup T(\Sigma)$ and $p \in [0, 1]$. For any rule $r \in R$,
literals above the line are called premises, notation prem(r); the literal below the line is called conclusion,
notation conc(r). We denote with pprem(r) (nprem(r), qprem(r)) the set of positive (negative, quantitative)
literals of the rule $r$. A rule $r$ is called positive if $nprem(r) = \emptyset$. A PTSS is called positive if it
has only positive rules. A rule $r$ without premises is called an axiom. In general, we allow the sets of
positive, negative, and quantitative premises to be infinite.

Substitutions provide instances to the rules of a PTSS that, together with some appropriate machinery,
allow us to define probabilistic transition relations. Given a substitution $\rho$, it extends to literals as
follows: $\rho(t \stackrel{a}{\nrightarrow}) = \rho(t) \stackrel{a}{\nrightarrow}$, $\rho(\theta(W) \bowtie p) = \rho(\theta)(\rho(W)) \bowtie p$, and $\rho(t \xrightarrow{a} \theta) = \rho(t) \xrightarrow{a} \rho(\theta)$. Then, the notion
of substitution extends to rules as expected. We say that $r'$ is a (closed) instance of a rule $r$ if there is a
(closed) substitution $\rho$ so that $r' = \rho(r)$.

We say that $\rho$ is a proper substitution of $r$ if for all quantitative premises $\theta(W) \bowtie p$ of $r$ it holds that
$\rho(\theta(w)) > 0$ for all $w \in W$. Thus, if $\rho$ is proper, all terms in $\rho(W)$ are in the support of $\rho(\theta)$. Proper
substitutions avoid the introduction of spurious terms. This is of particular importance for the conservative
extension theorem of [7, Theorem 14]. We use only this kind of substitution in the paper.

As has already been argued many times (e.g. [6, 11, 13]), transition system specifications with negative
premises do not uniquely define a transition relation and different reasonable techniques may lead to
incomparable models. In any case, we expect that a transition relation associated to a PTSS $P$ (i) respects
the rules of $P$, that is, whenever the premises of a closed instance of a rule of $P$ belong to the transition
relation, so does its conclusion; and (ii) it does not include more transitions than those explicitly justified,
i.e., a transition is defined only if it is the conclusion of a closed rule whose premises are in the transition
relation. The first notion corresponds to that of model, and the second one to that of supported transition.
Before formally defining these notions we introduce some notation. Given a transition relation $\to \subseteq
PTr(\Sigma, A)$, a positive literal $t \xrightarrow{a} \pi$ holds in $\to$, notation $\to \models t \xrightarrow{a} \pi$, if $(t, a, \pi) \in \to$. A negative literal $t \stackrel{a}{\nrightarrow}$
holds in $\to$, notation $\to \models t \stackrel{a}{\nrightarrow}$, if there is no $\pi \in \Delta(T(\Sigma))$ s.t. $(t, a, \pi) \in \to$. A quantitative literal $\pi(T) \bowtie p$
holds in $\to$, notation $\to \models \pi(T) \bowtie p$, precisely when $\pi(T) \bowtie p$. Notice that the satisfaction of a quantitative
literal does not depend on the transition relation. We nonetheless use this last notation as it turns out to
be convenient. Given a set of literals $H$, we write $\to \models H$ if $\forall \phi \in H : \to \models \phi$.

Definition 2. Let $P = (\Sigma, A, R)$ be a PTSS. Let $\to \subseteq PTr(\Sigma, A)$ be a probabilistic transition system (PTS).
Then $\to$ is a supported model of $P$ if it satisfies that: $\psi \in \to$ iff there is a rule $\frac{H}{\chi} \in R$ and a proper
substitution $\rho$ s.t. $\rho(\chi) = \psi$ and $\to \models \rho(H)$. For $\to$ to be a model of $P$ we only require that the "if" holds,
and for $\to$ to be supported by $P$ we only require that the "only if" holds.

We have already pointed out that PTSSs with negative premises do not uniquely define a transition
relation. In fact, a PTSS may have more than one supported model. For instance, the PTSS with the single
constant $f$, set of labels $\{a, b\}$ and the two rules $\frac{f \stackrel{a}{\nrightarrow}}{f \xrightarrow{b} \delta_f}$ and $\frac{f \stackrel{b}{\nrightarrow}}{f \xrightarrow{a} \delta_f}$ has two supported models: $\{f \xrightarrow{a} \delta_f\}$
and $\{f \xrightarrow{b} \delta_f\}$. We will not dwell on this problem, which has been studied at length in [6] and [11] in a
non-probabilistic setting. Instead we present two different approaches to resolve this problem: stratification
and well-supported proofs.



3.1 Stratification 

A stratification defines an order on closed positive literals that ensures that the validity of a transition 
does not depend on the negation of the same transition. 

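Definition 3. Let $P = (\Sigma, A, R)$ be a PTSS. A function $S : PTr(\Sigma, A) \to \alpha$, where $\alpha$ is an ordinal, is called
a stratification of $P$ (and $P$ is said to be stratified) if for every rule

$$r = \frac{\{t_k \xrightarrow{a_k} \mu_k : k \in K\} \cup \{t_l \stackrel{b_l}{\nrightarrow} : l \in L\} \cup \{\theta_j(W_j) \bowtie_j q_j : j \in J\}}{t \xrightarrow{a} \theta}$$

and proper substitution $\rho : (\mathcal{V} \cup \mathcal{M}) \to (T(\Sigma) \cup \Delta(T(\Sigma)))$ it holds that: (i) for all $k \in K$, $S(\rho(t_k \xrightarrow{a_k} \mu_k)) \leq
S(conc(r))$, and (ii) for all $l \in L$ and $\mu \in \mathcal{M}$, $S(\rho(t_l \xrightarrow{b_l} \mu)) < S(conc(r))$. Each set $S_\beta = \{\phi \mid S(\phi) = \beta\}$,
with $\beta < \alpha$, is called a stratum. If for all $k \in K$, $S(\rho(t_k \xrightarrow{a_k} \mu_k)) < S(conc(r))$, then the stratification is said
to be strict.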

A transition relation is constructed stratum by stratum in an increasing manner by transfinite recursion.
If it has been decided whether a transition in a stratum $S_{\beta'}$, with $\beta' < \beta$, is valid or not, we already
know the validity of the negative premise occurring in the premises of a transition $\phi$ in stratum $S_\beta$ (since
all positive instances of the negative premises are in strictly lesser strata) and hence we can determine the
validity of $\phi$. Notice that a stratification does not take quantitative premises into account because their
satisfaction does not depend on the transition relation.

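Definition 4. Let $P = (\Sigma, A, R)$ be a PTSS with a stratification $S : PTr(\Sigma, A) \to \alpha$ for some ordinal $\alpha$.
For all rules $r$, let $D(r)$ be the smallest regular cardinal such that $D(r) > |pprem(r)|$, and let $D(P)$ be the
smallest regular cardinal such that $D(P) > D(r)$ for all $r \in R$. The transition relation $\to_{P,S}$ associated
with $P$ (and based on $S$) is defined by $\to_{P,S} = \bigcup_{\beta < \alpha} \to_{P_\beta}$, where each $\to_{P_\beta} = \bigcup_{j < D(P)} \to_{P_{\beta,j}}$ and each $\to_{P_{\beta,j}}$
is defined by

$$\to_{P_{\beta,j}} = \{\, \psi \mid S(\psi) = \beta \text{ and } \exists r \in R \text{ and proper substitution } \rho \text{ s.t. } \psi = conc(\rho(r)),$$
$$(\bigcup_{\gamma < \beta} \to_{P_\gamma}) \cup (\bigcup_{j' < j} \to_{P_{\beta,j'}}) \models qprem(\rho(r)) \cup pprem(\rho(r)) \text{ and}$$
$$(\bigcup_{\gamma < \beta} \to_{P_\gamma}) \models nprem(\rho(r)) \,\}$$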

A PTSS $P$ with rules $R = \left\{ \frac{f \xrightarrow{a} \mu}{f \xrightarrow{a} \delta_f}, \frac{f \stackrel{a}{\nrightarrow}}{f \xrightarrow{b} \delta_f} \right\}$ can be stratified by $S(f \xrightarrow{a} \delta_f) = 0$ and $S(f \xrightarrow{b} \delta_f) = 1$. This
stratification induces the transition relation $\to_{P,S} = \{f \xrightarrow{b} \delta_f\}$. Because (non-strict) stratifications allow
positive premises to be in the same stratum as the conclusion, the validity of a premise may depend
on a rule with a conclusion literal of the same stratum. In this case, the construction of $\to_{P_\beta}$ requires
iterating up to $D(P)$ times, denoted by $\bigcup_{j < D(P)} \to_{P_{\beta,j}}$, to decide the validity of all literals of this stratum.

The existence of a stratification guarantees the existence of a supported model. In fact, such a model
is the one in Def. 4 (Theorem 1). Furthermore, all stratifications define the same supported model
(Theorem 2), which allows us to omit the stratification symbol in $\to_{P,S}$ and use $\to_P$ instead. Moreover, strict
stratification ensures uniqueness of the supported model (Theorem 3). The proofs follow closely their
non-probabilistic counterparts in [13] (Theorem 2.15, Lemma 2.16 and Theorem 2.18, resp.). The only
actual difference lies in the quantitative premises, which do not pose any particular problem since their
validity depends only on the substitution.

Theorem 1. Let $P$ be a PTSS with stratification $S$. Then $\to_{P,S}$ is a supported model of $P$.

Theorem 2. Let $P$ be a PTSS. For all stratifications $S$, $S'$ of $P$ it holds $\to_{P,S} = \to_{P,S'}$.

Theorem 3. Let $P$ be a PTSS with a strict stratification $S$. Then $\to_{P,S}$ is the only supported model of $P$.
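
An added example (not from the paper) that runs Definitions 2 to 4 by brute force on two constructed sets of closed rule instances over one constant f and labels a, b, where the only closed distribution is δ_f. The rule sets `MUTUAL` and `LAYERED`, the `Rule` encoding and all function names are assumptions of this example; quantitative premises are omitted because their validity does not depend on the transition relation.

```python
"""Supported models (Def. 2), stratifications (Def. 3) and the stratum-by-stratum
construction (Def. 4) for finite sets of closed rule instances.
Constructed toy input: one constant f, labels a and b, so T(Σ) = {f} and the
only distribution on closed terms is the Dirac δ_f. Closed quantitative
premises are assumed to have been checked already, so rules carry none."""
from dataclasses import dataclass
from itertools import chain, combinations, product

D_F = "δ_f"  # the single distribution over T(Σ) = {f}


@dataclass(frozen=True)
class Rule:
    pos: tuple   # positive premises: transitions (term, label, distribution)
    neg: tuple   # negative premises: (term, label), read "term has no label-step"
    conc: tuple  # conclusion: a transition (term, label, distribution)


def holds_neg(rel, lit):
    """A negative literal (t, a) holds in rel iff rel has no a-transition from t."""
    return not any((t, a) == lit for (t, a, _) in rel)


def fires(rule, pos_rel, neg_rel):
    """Positive premises are looked up in pos_rel, negative ones in neg_rel."""
    return (all(p in pos_rel for p in rule.pos)
            and all(holds_neg(neg_rel, n) for n in rule.neg))


def is_supported_model(rules, rel):
    """Def. 2: psi is in rel iff psi is the conclusion of a rule firing in rel."""
    return set(rel) == {r.conc for r in rules if fires(r, rel, rel)}


def supported_models(rules):
    """Enumerate every supported model; only conclusions can be supported."""
    concs = sorted({r.conc for r in rules})
    subsets = chain.from_iterable(
        combinations(concs, k) for k in range(len(concs) + 1))
    return [frozenset(s) for s in subsets if is_supported_model(rules, s)]


def is_stratification(rules, S, dists=(D_F,)):
    """Def. 3: positive premises sit at most as high as the conclusion, and every
    transition denied by a negative premise sits strictly below it."""
    for r in rules:
        if any(S[p] > S[r.conc] for p in r.pos):
            return False
        if any(S[(t, b, d)] >= S[r.conc] for (t, b) in r.neg for d in dists):
            return False
    return True


def stratified_model(rules, S):
    """Def. 4 for a finite stratification with natural-number strata."""
    assert is_stratification(rules, S)
    model = set()
    for beta in sorted(set(S.values())):
        lower = frozenset(model)  # union of all strictly lower strata
        stratum = set()
        while True:  # iterate inside the stratum until nothing new is derived
            new = {r.conc for r in rules
                   if S[r.conc] == beta and fires(r, lower | stratum, lower)}
            if new <= stratum:
                break
            stratum |= new
        model |= stratum
    return frozenset(model)


FA, FB = ("f", "a", D_F), ("f", "b", D_F)

# Mutually negative premises: "f has no a-step" yields f -b-> δ_f, and vice versa.
MUTUAL = [Rule((), (("f", "a"),), FB), Rule((), (("f", "b"),), FA)]

# A positive self-dependency on a, and b derived from the absence of a.
LAYERED = [Rule((FA,), (), FA), Rule((), (("f", "a"),), FB)]
LAYERED_S = {FA: 0, FB: 1}  # non-strict: premise and conclusion share stratum 0


def stratifications(rules, heights=(0, 1)):
    """All maps {FA, FB} -> heights that satisfy Def. 3 for `rules`."""
    candidates = (dict(zip((FA, FB), hs)) for hs in product(heights, repeat=2))
    return [S for S in candidates if is_stratification(rules, S)]


if __name__ == "__main__":
    print("MUTUAL supported models :", supported_models(MUTUAL))
    print("MUTUAL stratifications  :", stratifications(MUTUAL))
    print("LAYERED supported models:", supported_models(LAYERED))
    print("LAYERED stratified model:", stratified_model(LAYERED, LAYERED_S))
```

`LAYERED` is stratified yet still has two supported models, because its stratification is not strict and Theorem 3 does not apply; the construction of Def. 4 selects the one containing only the b-transition.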



3.2 Proof structures 

In this section we introduce the notion of provable rules from a PTSS. To define this notion we use proof
structures [9]. A proof structure is like a derivation tree where the rules do not share variable names. The
connection between the conclusion of a rule $r$ and a premise $\psi$ in another rule is represented by a mapping
$\phi$ from rules to literals, i.e. $\phi(r) = \psi$. A substitution matches with a proof structure if both the conclusion
and the premise related by $\phi$ are mapped to the same literal. Thus, matching substitutions translate a
proof structure into an actual derivation tree. As a consequence, a matching substitution applied to a
proof structure defines a provable rule in which the premises are the leaves of the derivation tree and the
conclusion is the root. The absence of shared variables allows us to define substitution on proof structures
while avoiding name clashes. Provable rules will be used in the following way throughout the paper: given a PTSS
$P$ we take the set of provable rules from $P$ with a particular format, these rules are used to define a
new PTSS $P'$, and then we show that $P$ and $P'$ derive the same PTS.

A PTSS is small if for each of its rules the cardinality of its collection of premises does not exceed
the cardinality of the set of variables $\mathcal{V}$. Small PTSSs ensure that there are enough variables to construct
the proof structures.

Definition 5. A proof structure is a tuple $(B, r, \phi)$ such that

• $r \in B$ and $B$ is a set of transition rules which do not have any variables in common,

• $\phi$ is an injective mapping from $B \setminus \{r\}$ to the collection of positive premises in $B$, such that each
chain $b_0, b_1, \ldots$ in $B$, with $\phi(b_{i+1})$ a premise of $b_i$, is a finite chain.

Let $top(B, r, \phi)$ be the set of all premises of rules in $B$ that are outside the image of $\phi$. Let $qtop(B, r, \phi)$ be
the set of all quantitative premises in $top(B, r, \phi)$.

We introduce a partial well-order $<$ on proof structures to allow inductive reasoning. Define the
partial order $<$ by $(B', r', \phi') < (B, r, \phi)$ iff $B' \subseteq B$, $\phi'$ is $\phi$ restricted to $B' \setminus \{r'\}$, $top(B', r', \phi') \subseteq top(B, r, \phi)$,
and there is a chain $b_0, b_1, \ldots, b_n$ with $b_0 = r$, $b_n = r'$, $n > 0$ and $\phi(b_{i+1})$ is a premise of $b_i$.

A substitution $\sigma$ matches with the proof structure $(B, r, \phi)$ if $\sigma(conc(b)) = \sigma(\phi(b))$ for every $b \in B \setminus \{r\}$.

Definition 6. Let $H = H_p \cup H_n \cup H_q$ be a set of literals s.t. $H_p$ (resp. $H_n$ and $H_q$) is a set of positive (resp.
negative and open quantitative) literals. A rule $\frac{H}{c}$ is provable from a small PTSS $P = (\Sigma, A, R)$, notation
$P \vdash \frac{H}{c}$, if $c \in H$ or there is a proof structure $(B, r, \phi)$ such that each rule in $B$ is in $R$ modulo $\alpha$-conversion
and there is a substitution $\sigma$ that matches with $(B, r, \phi)$ such that:

• $\sigma(top(B, r, \phi) - qtop(B, r, \phi)) \subseteq H$,

• if $\psi \in \sigma(qtop(B, r, \phi))$ is a closed quantitative premise then $\psi$ holds, otherwise $\psi \in H_q$, and

• $\sigma(conc(r)) = c$.

Figure 1: An example of proof structure. (See Example 1.)

Note that closed quantitative literals do not need to be included in the premise of a provable rule 
because their validity can be decided without further instantiation. Notice additionally that all negative 
literals of premises of rules in B are included in H and thus no negative literals can be derived. 

Example 1. Let $P = (\Sigma, A, R)$ be a PTSS with $\{a, +, \|\} \subseteq \Sigma$, {a,a,b,T,ok} $\subseteq A$ and all rules in Fig. 1 appear
in $R$. Let $(B, r, \phi)$ be the proof structure of Figure 1 where mapping $\phi$ is represented by the arrows. Let $\sigma$ be
the substitution defined in Fig. 1 with $\sigma(\zeta) = \zeta$ for any other (term or distribution) variable not specified
in the figure. Then the following rule is provable from $P$:



u^Pu {y2^fiy 2 \y 2 eY 2 } || ju M )(F 2 ) > 0.5) {y 3 ^p y3 \y 3 e Y 3 \ ((S a \\p u )(Y 3 )>0.2) 



(a + t) || (u + v) 



ok 



(1) 



Both in Fig. 1 and in the above rule we used shorthand notations for the different distribution terms.
We write $(\mu_w \| \mu_x)$ and $(\delta_a \| \mu_u)$ instead of $(\mu_w \times \mu_x) \circ \|^{-1}$ and $((\delta_{()} \circ k_a^{-1}) \times \mu_u) \circ \|^{-1}$, with $k_a(()) = a$,
respectively (trivial summations are omitted).

Since $\sigma(y_1) = a$ for all $y_1 \in Y_1$ and $\sigma(\mu_s) = \delta_a$, then $\sigma(\mu_s(Y_1) \geq 1) = (\delta_a(\{a\}) \geq 1)$ is closed, and
moreover, it holds. As a consequence, it does not appear as a premise of rule (1). Also notice that $\mu_\|$
was substituted by $(\delta_a \| \mu_u)$. This is why we needed to upgrade the format of [7] to consider the more
complex distribution terms on the quantitative premises instead of only distribution variables.

The set of all provable rules from a PTSS can be alternatively defined in a recursive manner without
using the notion of proof structure (Def. 7). We prove that both definitions are equivalent in Lemma 1.

Definition 7. The provable closure of a PTSS $P = (\Sigma, A, R)$ is the smallest set $R^{\vdash}$ of rules such that

• if $c \in H$ then $\frac{H}{c} \in R^{\vdash}$,

• if $r \in R$ and there is a substitution $\sigma$ such that

  - for all $p \in pprem(r) \cup nprem(r)$ it holds $\frac{H}{\sigma(p)} \in R^{\vdash}$ and

  - for all $p \in qprem(r)$ if $\sigma(p)$ is not a closed literal then $\frac{H}{\sigma(p)} \in R^{\vdash}$, otherwise $\sigma(p)$ holds



Lemma 1. A rule $\frac{H}{c}$ is provable from a small PTSS $P = (\Sigma, A, R)$ iff $\frac{H}{c} \in R^{\vdash}$.

The following lemma is an immediate consequence of Def. 7.

Lemma 2. Let $P$ and $P'$ be two PTSS such that all rules in $P'$ are provable from $P$. Then all rules
provable from $P'$ are also provable from $P$.

3.3 Well-supported proofs 



In the following we adapt the notion of well-supported proof [11] to PTSS. In the following, we say that
literals $t \xrightarrow{a} \pi$ and $t \stackrel{a}{\nrightarrow}$ deny each other.

Definition 8. A well-supported proof of a closed literal $\psi$ from a PTSS $P = (\Sigma, A, R)$ is a well-founded,
upwardly branching tree of which the nodes are labeled by positive or negative literals, such that

• the root is labeled by $\psi$, and

• if $\chi$ is the label of the node $q$ and $\{\chi_k \mid k \in K\}$ is the set of labels of the nodes directly above $q$, then:

  - if $\chi$ is a positive literal then there is a rule $r \in R$ and a closed proper substitution $\rho$ such that
    $\{\chi_k \mid k \in K\} = pprem(\rho(r)) \cup nprem(\rho(r))$, the quantitative premises $qprem(\rho(r))$ are valid and
    $conc(\rho(r)) = \chi$,

  - if $\chi$ is a negative premise then for all $P \vdash \frac{N}{\psi}$ with $\psi$ a closed literal denying $\chi$, a literal in
    $\{\chi_k \mid k \in K\}$ denies a literal in $N$.

A literal $\psi$ is ws-provable, notation $P \vdash_{ws} \psi$, if there is a well-supported proof of $\psi$ from $P$. A literal $\psi$ is
ws-refutable if there is a literal $\psi'$ ws-provable from $P$ and $\psi$ denies $\psi'$.

Notice that nodes in the proof tree of Def. 8 are not quantitative literals. This is due to the fact
that the validity of closed quantitative literals is already known. In fact, the definition requires that all
quantitative literals introduced by a rule $r$ should become valid after substitution.

We say that a PTSS $P$ is complete if for all closed literals $t \stackrel{a}{\nrightarrow}$, $P \vdash_{ws} t \xrightarrow{a} \pi$ for some distribution $\pi$
or $P \vdash_{ws} t \stackrel{a}{\nrightarrow}$. In addition, $P$ is consistent if there is no pair of literals derived from $P$ that deny each
other. We will focus only on complete PTSSs. The transition relation based on well-supported proofs
associated to a (complete) PTSS $P$ (denoted by $\to_{ws}$) is the set of ws-provable transitions of $P$.

Lemma 3. Let $P$ be a PTSS. If $P$ is complete then it is also consistent.

Lemma 3 allows us to show that, for any stratifiable PTSS, the model obtained using well-supported
proofs coincides with the model obtained through stratification. Notice that this does not imply that the
methods are equivalent: it could be the case that a PTSS is complete but not stratifiable (see [11, Prop.
27]).

Lemma 4. Let $P$ be a PTSS with stratification $S$ and $\psi$ a positive or negative literal, then $\psi \in \to_{ws}$ iff

The proof of this lemma follows the same structure as its non-probabilistic counterpart (see [11, Prop.
25]).

The next lemma states that it suffices to show that the same rules having only negative premises are
provable in two different PTSSs to state that these PTSSs define the same set of ws-provable transitions.

Lemma 5. Let $P$ and $P'$ be two PTSSs over the same signature such that $P \vdash \frac{H}{c}$ iff $P' \vdash \frac{H}{c}$ for all closed
rules $\frac{H}{c}$ with $H$ containing only negative premises. Then $P \vdash_{ws} \psi$ iff $P' \vdash_{ws} \psi$ for all closed literals $\psi$.

4 The ntμfθ/ntμxθ format

In this section we revise the ntμfν/ntμxν format of [7], adapting it to the richer quantitative premises
introduced before. Furthermore we correct some mistakes of [7].

Before, we recall the notion of bisimulation on PTSs [17]. Given a relation $R \subseteq T(\Sigma) \times T(\Sigma)$, a set
$Q \subseteq T(\Sigma)$ is R-closed if for all $t \in Q$ and $t' \in T(\Sigma)$, $t \mathrel{R} t'$ implies $t' \in Q$ (i.e. $R(Q) \subseteq Q$). If a set $Q$ is
R-closed we write R-closed($Q$). It is easy to verify that if two relations $R, R' \subseteq T(\Sigma) \times T(\Sigma)$ are such that
$R' \subseteq R$, then for all sets $Q \subseteq T(\Sigma)$, R-closed($Q$) implies R'-closed($Q$).

Definition 9. A relation $R \subseteq T(\Sigma) \times T(\Sigma)$ is a bisimulation if $R$ is symmetric and for all $t, t' \in T(\Sigma)$,
$\pi \in \Delta(T(\Sigma))$, $a \in A$,

$t \mathrel{R} t'$ and $t \xrightarrow{a} \pi$ imply that there exists $\pi' \in \Delta(T(\Sigma))$ s.t. $t' \xrightarrow{a} \pi'$ and $\pi \mathrel{R} \pi'$,

where $\pi \mathrel{R} \pi'$ if and only if $\forall Q \subseteq T(\Sigma) : \text{R-closed}(Q) \Rightarrow \pi(Q) = \pi'(Q)$. We define bisimilarity $\sim$ as the
smallest relation that includes all other bisimulations. It is well-known that $\sim$ is itself a bisimulation and
an equivalence relation.

Let $\{Y_l\}_{l \in L}$ be a family of sets of term variables with the same cardinality. The $l$-th element of a tuple
$\vec{y}$ is denoted by $\vec{y}(l)$. For a set of tuples $T = \{\vec{y}_i \mid i \in I\}$ we denote the $l$-th projection by $\pi_l(T) = \{\vec{y}_i(l) \mid i \in I\}$.
Fix a set $Diag\{Y_l\}_{l \in L} \subseteq \prod_{l \in L} Y_l$ such that:

(i) for all $l \in L$, $\pi_l(Diag\{Y_l\}_{l \in L}) = Y_l$; and

(ii) for all $\vec{y}, \vec{y}' \in Diag\{Y_l\}_{l \in L}$, $(\exists l \in L : \vec{y}(l) = \vec{y}'(l)) \Rightarrow \vec{y} = \vec{y}'$.

Property (ii) ensures that different $\vec{y}, \vec{y}' \in Diag\{Y_l\}_{l \in L}$ differ in all positions and by property (i) every
variable of every $Y_l$ is used in one $\vec{y} \in Diag\{Y_l\}_{l \in L}$. Diag stands for "diagonal", following the intuition
that each $\vec{y}$ represents a coordinate in the space $\prod_{l \in L} Y_l$; then $Diag\{Y_l\}_{l \in L}$ can be seen as the line that
traverses the main diagonal of the space. Notice that, letting $L$ be a natural number, for $Y_l = \{y_l^0, y_l^1, y_l^2, \ldots\}$
a possible definition for $Diag\{Y_l\}_{l \in L}$ is $Diag\{Y_l\}_{l \in L} = \{(y_0^0, y_1^0, \ldots, y_L^0), (y_0^1, y_1^1, \ldots, y_L^1), (y_0^2, y_1^2, \ldots, y_L^2), \ldots\}$.

Definition 10. Let $P = (\Sigma, A, R)$ be a PTSS. A rule $r \in R$ is in ntμfθ format if it has the following form

$$\frac{\bigcup_{m \in M} \{t_m(\vec{z}) \xrightarrow{a_m} \mu_m^{\vec{z}} : \vec{z} \in Z\} \cup \bigcup_{n \in N} \{t_n(\vec{z}) \stackrel{b_n}{\nrightarrow} : \vec{z} \in Z\} \cup \{\theta_l(Y_l) \trianglerighteq_{l,k} p_{l,k} : l \in L, k \in K_l\}}{f(x_1, \ldots, x_{r(f)}) \xrightarrow{a} \theta}$$

with $\trianglerighteq_{l,k} \in \{>, \geq\}$ for all $l \in L$ and $k \in K_l$, and it satisfies the following conditions:

1. Each set $Y_l$ should be at least countably infinite, for all $l \in L$, and the cardinality of $L$ should be
strictly smaller than that of the $Y_l$'s.

2. $Z = Diag\{Y_l\}_{l \in L} \times \prod_{w \in W} \{w\}$, with $W \subseteq \mathcal{V} \setminus \bigcup_{l \in L} Y_l$.

3. All variables $\mu_m^{\vec{z}}$, with $m \in M$ and $\vec{z} \in Z$, are different.

4. For all $\vec{z}, \vec{z}' \in Z$, $m \in M$, if $\mu_m^{\vec{z}}, \mu_m^{\vec{z}'} \in Var(\theta) \cup (\bigcup_{l \in L} Var(\theta_l))$ then $\vec{z} = \vec{z}'$.

5. For all $l \in L$, $Y_l \cap \{x_1, \ldots, x_{r(f)}\} = \emptyset$, and $Y_l \cap Y_{l'} = \emptyset$ for all $l' \in L$, $l \neq l'$.

6. All variables $x_1, \ldots, x_{r(f)}$ are different.

7. For all $l \in L$, $Var(\theta_l) \cap (\{x_1, \ldots, x_{r(f)}\} \cup \bigcup_{l' \in L} Y_{l'}) = \emptyset$.

8. $f \in F$ and for all $m \in M$ and $n \in N$, $t_m, t_n \in \mathbb{T}(\Sigma)$. In all cases, if $t \in \mathbb{T}(\Sigma)$ and $Var(t) \subseteq \{w_1, \ldots, w_H\}$,
$t(w'_1, \ldots, w'_H)$ is the same term as $t$ where each occurrence of variable $w_h$ (if it appears in $t$) has
been replaced by variable $w'_h$, for $1 \leq h \leq H$.

9. $\theta, \theta_l \in \mathbb{DT}(\Sigma)$ for all $l \in L$.

A rule $r \in R$ is in ntμxθ format if its form is like above but has a conclusion of the form $x \xrightarrow{a} \theta$ and, in
addition, it satisfies the same conditions as above only that whenever we write $\{x_1, \ldots, x_{r(f)}\}$, we should
write $\{x\}$. A rule $r \in R$ is in nxμfθ format if it is in ntμfθ format and the sources of its positive premises are
term variables. $P$ is in ntμfθ (resp. ntμxθ, nxμfθ) format if all its rules are in ntμfθ (resp. ntμxθ, nxμfθ)
format. $P$ is in ntμfθ/ntμxθ format if each of its rules is either in ntμfθ format or ntμxθ format.

The rationale behind each of the restrictions is discussed in depth in [7]. In the following we briefly
summarize it. Term variables $x_1,\ldots,x_{r(f)}$ appearing in the source of the conclusion are binding. Variables
in $\bigcup_{l\in L} Y_l$ and those appearing in instantiable Dirac distributions are also binding when appearing in
quantitative premises. Therefore they need to be all different. This is stated in conditions 3, 5 and 7.
Distribution variables in $\{\mu_m^z \mid m \in M \wedge z \in Z\}$ are also binding when appearing on the target of a positive
premise. Hence they also need to be different, which is stated in condition 6. If $Y_l$ is finite, quantitative
premises will allow counting the minimum number of terms that gather certain probabilities. This goes
against the spirit of bisimulation, which measures equivalence classes of terms regardless of their size.
Therefore $Y_l$ needs to be infinite (condition 1). Condition 4 is more subtle; together with each
set of premises $\{t_m(z) \xrightarrow{a_m} \mu_m^z : z \in Z\}$ it ensures a symmetric behaviour of terms $t_m(z)$ for every possible
instantiation of variables $z$. A clear example that shows the need for this symmetry is provided in [7].
The need for the source of the conclusion and targets of positive premises to have a particular shape is
the same as in the tyft/tyxt format [14]. Conditions 2, 8 and 9 are actually notations and definitions.

The definition provided here corrects some mistakes inadvertently introduced in the ntμfν/ntμxν format
in [7], more precisely on the quantitative premises and condition 4 in Def. 11 (which corresponds to
our condition 4). Another mistake in [7] was omitting to require that PTSS are well-founded as hypothesis
for the congruence theorem. This is corrected in the following, where we extend the congruence
theorem to the ntμfθ/ntμxθ format.¹

Definition 11. Let $W$ be a set of positive and quantitative premises. The dependency directed graph of
$W$ is given by $G_W = (V, E)$ with $V = \bigcup_{\psi\in W} Var(\psi)$ and
$$E = \{(x,\mu) \mid (t \xrightarrow{a} \mu) \in W,\ x \in Var(t)\} \cup \{(\zeta,y) \mid (\theta(Y) \trianglerighteq p) \in W,\ \zeta \in Var(\theta),\ y \in Y\}.$$
We say that $W$ is well-founded if any backward chain of edges in $G_W$ is finite. Define
for each $x \in V$, $n_{VDG}(x) = \sup(\{n_{VDG}(y) + 1 \mid (y,x) \in E\})$, where $\sup(\emptyset) = 0$. A rule is called well-founded
if its set of positive and quantitative premises is well-founded. A PTSS is called well-founded if all its
rules are well-founded.
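
For a finite premise set, the well-foundedness test of Definition 11 is an acyclicity check on the dependency graph, and the rank of each variable is the length of the longest backward chain ending in it. The following Python code is an added illustration, not part of the paper; the tuple encoding of premises, the function names and the two sample premise sets (which use finite samples of the sets Y) are assumptions of this example.

```python
from collections import deque

# Constructed encoding (an assumption of this example, not the paper's notation):
#   positive premise      t --a--> mu     is ("pos",   Var(t),     mu)
#   quantitative premise  theta(Y) |> p   is ("quant", Var(theta), Y)
# Labels a and bounds p are omitted because Definition 11 never inspects them.

def dependency_graph(W):
    """Return (V, E) of the dependency directed graph G_W of Definition 11."""
    V, E = set(), set()
    for kind, source_vars, target in W:
        if kind == "pos":
            V |= set(source_vars) | {target}
            E |= {(x, target) for x in source_vars}
        elif kind == "quant":
            V |= set(source_vars) | set(target)
            E |= {(zeta, y) for zeta in source_vars for y in target}
        else:
            raise ValueError(f"unknown premise kind: {kind!r}")
    return V, E

def n_vdg(W):
    """Map each variable x to n_VDG(x), or return None if W is not well-founded.

    For a finite W, "every backward chain is finite" holds exactly when G_W
    has no cycle, so Kahn's topological sort decides it and also yields the
    length of the longest backward chain ending in each vertex.
    """
    V, E = dependency_graph(W)
    successors = {v: [] for v in V}
    pending = {v: 0 for v in V}          # predecessors not yet processed
    for y, x in E:
        successors[y].append(x)
        pending[x] += 1
    depth = {v: 0 for v in V}            # sup of the empty set is 0
    queue = deque(v for v in V if pending[v] == 0)
    done = 0
    while queue:
        y = queue.popleft()
        done += 1
        for x in successors[y]:
            depth[x] = max(depth[x], depth[y] + 1)
            pending[x] -= 1
            if pending[x] == 0:
                queue.append(x)
    # Vertices on a cycle (or only reachable through one) are never processed.
    return depth if done == len(V) else None

def is_well_founded(W):
    """True iff the finite premise set W is well-founded (Definition 11)."""
    return n_vdg(W) is not None

# Constructed premise sets. Definition 10 requires each Y_l to be infinite;
# the finite sets below are samples used only to exercise Definition 11.
WELL_FOUNDED = [
    ("pos", {"x1"}, "mu1"),              # x1 --a--> mu1
    ("quant", {"mu1"}, {"y1", "y2"}),    # mu1(Y) |> p with Y = {y1, y2}
    ("pos", {"y1"}, "mu2"),              # y1 --b--> mu2
]
CIRCULAR = [
    ("pos", {"y"}, "mu"),                # y --a--> mu
    ("quant", {"mu"}, {"y"}),            # mu(Y) |> p with y in Y: mu -> y -> mu
]

if __name__ == "__main__":
    print(n_vdg(WELL_FOUNDED))
    print(is_well_founded(CIRCULAR))
```
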

Theorem 4. Let $P$ be a well-founded stratifiable PTSS in ntμfθ/ntμxθ format. Then $\sim$ is a congruence
relation for all operators defined in $P$.

5 ntμfθ/ntμxθ format reduces to pntree

The reduction procedure requires results from unification theory over infinite domains. Instead of using the
result presented in [8], we use the variation presented in [9, Lemma 3.2], which proves some extra properties
needed to prove our main result.

Definition 12. A substitution $\sigma$ is a unifier for a substitution $\rho$ if $\sigma\rho = \sigma$. In this case, we say that $\rho$ is
unifiable.

¹ Both issues are explained in detail in the corrigendum of [7]: http://cs.famaf.unc.edu.ar/ lee/publications/corrigendum-Fossacs2012.pdf

Lemma 6. If a substitution $\rho$ is unifiable, then there is a unifier $\sigma$ for $\rho$ such that: (i) each unifier $\sigma'$ for
$\rho$ is also a unifier for $\sigma$, (ii) if $\rho(\zeta) = \zeta$ then $\sigma(\zeta) = \zeta$ for all $\zeta \in \mathcal{V} \cup \mathcal{M}$, and (iii) if $\rho^n(\zeta)$ is a variable for
all $n \geq 0$ then $\sigma(\zeta)$ is a variable. We call $\sigma$ the most general unifier.

The main theorem (Theorem 5), showing that every PTSS in ntμfθ/ntμxθ format can be reduced to a transition
equivalent PTSS in pntree format, is developed incrementally. First of all, we show that every ntμxθ
rule can be expressed by a set of ntμfθ rules by replacing the source variable of the conclusion with an
appropriate context $f(x)$ (Lemma 7). Secondly, we show that for all PTSS $P$ in ntμfθ format there is a
PTSS $P'$ in nxμfθ format such that $P \vdash \frac{H}{c}$ iff $P' \vdash \frac{H}{c}$ for all rules $\frac{H}{c}$ in nxμfθ format (Lemma 8). Notice
that this result implies that $P \vdash \frac{H'}{c}$ iff $P' \vdash \frac{H'}{c}$ for all rules $\frac{H'}{c}$ with $H'$ a set of closed negative premises;
then by Lemma 5 $P$ and $P'$ are equivalent. Finally, we prove that for all PTSS $P$ in nxμfθ format there
is a PTSS $P'$ in pntree format (a PTSS in well-founded nxμfθ format without free variables), such that
for every closed transition rule $\frac{H}{c}$ with only negative premises, $P \vdash \frac{H}{c}$ iff $P' \vdash \frac{H}{c}$ (Lemma 9). Again, by
Lemma 5 $P$ and $P'$ are equivalent. This series of lemmas leads to the main theorem stating that every
PTSS consisting of rules in the ntμfθ/ntμxθ format can be reduced to a transition equivalent PTSS in
the more restrictive pntree format. Furthermore, this also shows that the rules of a PTSS in ntμfθ/ntμxθ
format do not have to be well-founded in order to guarantee that the bisimilarity of the induced PTS is a
congruence.

The reduction of proof structures follows the logic of [9]. In the probabilistic setting we additionally need to
treat quantitative premises as follows: while substitutions replace distribution variables by
distribution terms, the substitution $\rho(\theta(Y) \trianglerighteq p)$ leads to a well-defined quantitative literal ($\rho$ is defined as
$\rho(y) = y$ for all $y \in Y$). Because by construction $\sigma$ unifies $\rho$ we have that whenever $\sigma(\theta(Y) \trianglerighteq p)$ then also
$\sigma(\rho(\theta(Y) \trianglerighteq p))$. This shows the satisfaction of the quantitative premises.

Lemma 7. Let $P = (\Sigma, A, R)$ be a stratifiable PTSS in ntμfθ/ntμxθ format. Then there is a stratifiable PTSS
$P' = (\Sigma, A, R')$ in ntμfθ format that is transition equivalent to $P$.

Lemma 8. Let $P = (\Sigma, A, R)$ be a PTSS in ntμfθ format. Then there is a PTSS $P' = (\Sigma, A, R')$ in nxμfθ
format such that $P \vdash \frac{H}{c}$ iff $P' \vdash \frac{H}{c}$ for all rules $\frac{H}{c}$ in nxμtθ format. (A rule is in nxμtθ format if the source
of every positive premise is a term variable and its target is a distribution variable.)

Proof. Define $P' = (\Sigma, A, R')$ such that $r \in R'$ iff $r$ is a provable rule from $P$ in nxμfθ format. The right to
left implication follows straightforwardly from Lemma 2.

For the left to right implication we proceed by induction on the partial order over proof structures.
Suppose $P \vdash \frac{H}{c}$, with a rule $\frac{H}{c}$ in nxμtθ format, and let $(B, r, \phi)$ be a proof structure for $\frac{H}{c}$ over $P$. Then by
Def. 6 there is a substitution $\sigma$ s.t. (a) $\sigma(\mathrm{top}(B,r,\phi) - \mathrm{qtop}(B,r,\phi)) \subseteq H$, (b) closed quantitative premises in
$\sigma(\mathrm{qtop}(B,r,\phi))$ hold, (c) open quantitative premises in $\sigma(\mathrm{qtop}(B,r,\phi))$ belong to $H$, and (d) $\sigma(\mathrm{conc}(r)) = c$.

From $(B,r,\phi)$ we construct recursively a substructure $(B',r,\phi')$ which is a proof structure for a rule
$r' \in R'$, i.e. $r'$ is in nxμfθ format, such that $\sigma(\mathrm{conc}(r')) = c$ and for each premise $c'$ of $\sigma(r')$ the rule $\frac{H}{c'}$ is
provable from $R'$, i.e. $\frac{H}{c'} \in R'^{\vdash}$, or $c'$ is a valid closed quantitative literal. Then, by Lemma 1, $\frac{H}{c}$ is provable
from $P'$. Furthermore, we construct a partial substitution $\rho$ which is unified by $\sigma$, i.e. if $\rho(x)$ is defined
then $\sigma(\rho(x)) = \sigma(x)$. In this construction $\rho^0$ is defined as the identity function. We proceed with the
definitions of the transition rules $B'$ and the substitution $\rho$:

(i) $r \in B'$.

(ii) If $b \in B \setminus \{r\}$ and $\phi(b)$ is a premise $t_m(z) \xrightarrow{a_m} \mu_m^z$ of a rule in $B'$ s.t. there is $k \geq 0$ with:

(a) $\rho^i(t_m(z))$ is defined for $i = 0,\ldots,k$

(b) $\rho^i(t_m(z))$ are variables for $i = 0,\ldots,k-1$

(c) $\rho^k(t_m(z))$ has the form $f(t_1,\ldots,t_{r(f)})$ with $t_i \in T(\Sigma)$

then $b \in B'$. Notice that the conditions can be satisfied only if $\rho^i(t_m(z))$ is a variable for $i = 0,\ldots,k-1$.
Moreover $\rho^0(t_m(z)) = t_m(z)$ is a variable. In addition, this variable belongs to $z$.

(iii) Since $\sigma$ matches with $(B,r,\phi)$, $\sigma(\mathrm{conc}(b)) = \sigma(t_m(z) \xrightarrow{a_m} \mu_m^z)$. Because the rule format restricts the
form of the conclusion $\mathrm{conc}(b)$, we can rewrite the last equality as: $\sigma(f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta) =
\sigma(t_m(z) \xrightarrow{a_m} \mu_m^z)$. In addition, $\sigma$ unifies the partial substitution $\rho$; then if $\rho^{k-1}(t_m(z))$ is a variable it
holds: $\sigma(t_m(z)) = \sigma\rho^k(t_m(z)) = \sigma(f(t_1,\ldots,t_n))$.

Because $\mathrm{conc}(b)$ has the form $f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta$ it holds $\sigma(x_j) = \sigma(t_j)$ for $j = 1,\ldots,r(f)$ and
$\sigma(\theta) = \sigma(\mu_m^z)$. Define $\rho(x_j) = t_j$ for $j = 1,\ldots,r(f)$ (here we define the left side of a conclusion of
a rule in $B' \setminus \{r\}$). Besides, define $\rho(\mu_m^z) = \theta$. Notice that this extension of $\rho$ is unified by $\sigma$ and, by
Def. 6, the variables $x_j$ and $\mu_m^z$ appear only in this rule, so we are not redefining substitution $\rho$.

(iv) Define $\rho(\zeta) = \zeta$ for all variables $\zeta$ if $\zeta$ is not defined for $\rho$. Substitution $\sigma$ unifies this extension of $\rho$.

(v) Finally, $\phi'$ is the restriction of $\phi$ to $B' \setminus \{r\}$. (Notice that the substitution $\rho$ is defined for the right
side of a positive premise in the image of $\phi'$ in item (iii).)

Substitution $\sigma$ unifies substitution $\rho$; by Lemma 6 there is a substitution $\rho'$ which unifies $\rho$ and:

($\rho'$i) $\sigma\rho' = \sigma$.

($\rho'$ii) If $\rho(\zeta) = \zeta$ then $\rho'(\zeta) = \zeta$ with $\zeta$ a term or distribution variable.

($\rho'$iii) If $\rho^k(\zeta)$ is a variable for $k \geq 0$ then $\rho'(\zeta)$ is a variable.

The proof structure $(B',r,\phi')$ and the substitution $\rho'$ are completely defined; now we can prove that
$\rho'$ matches with $(B',r,\phi')$. Let $b$ be a rule used to construct $B'$ and consider the substitution $\rho$. Recall that
the conclusion of $b$ has the form $f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta$ and $\phi(b) = t_m(z) \xrightarrow{a_m} \mu_m^z$ is such that $\rho^k(t_m(z)) =
f(t_1,\ldots,t_{r(f)}) = \rho(f(x_1,\ldots,x_{r(f)}))$ by (ii) and the definition of $\rho$ in (iii). Since $\rho'$ unifies $\rho$ then

$$\rho'(\phi'(b)) = \rho'(t_m(z) \xrightarrow{a_m} \mu_m^z) = \rho'(\rho^k(t_m(z)) \xrightarrow{a_m} \rho(\mu_m^z)) = \rho'(\rho(f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta)) = \rho'(f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta) = \rho'(\mathrm{conc}(b)).$$

Then the substitution $\rho'$ matches with the proof structure $(B',r,\phi')$.

To show that the rule
$$s = \rho'\left(\frac{\{h : h \in \mathrm{top}(B',r,\phi'),\ h \text{ is not a closed quantitative premise}\}}{\mathrm{conc}(r)}\right)$$
is provable (Def. 6), it remains to show that if a quantitative premise in $\mathrm{qtop}(B',r,\phi')$ is closed then it is also
valid. Let $\psi \in \mathrm{qtop}(B',r,\phi')$ be a quantitative premise. Then if $\rho'(\psi)$ is closed, since $\sigma$ unifies $\rho'$, it
holds that $\sigma(\psi) = \sigma(\rho'(\psi)) = \rho'(\psi)$, which implies that also $\sigma(\psi)$ is a closed literal. Because the rule
$$\sigma\left(\frac{\{h : h \in \mathrm{top}(B,r,\phi),\ h \text{ is not a closed quantitative premise}\}}{\mathrm{conc}(r)}\right)$$
is provable we have that $\sigma(\psi)$ holds and therefore also $\rho'(\psi)$ holds.

Finally we prove that the rule $s$ is in nxμfθ format. From the construction of $\rho$ we know that if $x$ is
s.t. $\rho(x) \neq x$ then $x$ satisfies one of the following conditions:

1. $x$ appears in the left-hand side of a conclusion of a rule in $B' \setminus \{r\}$,

2. $x$ appears in the right-hand side of a positive premise in the image of $\phi'$.

Then if $g(x_1,\ldots,x_m) \xrightarrow{a} \theta$ is the conclusion of $r$, $\rho(x_j) = x_j$ for $j = 1,\ldots,m$ and hence $\rho'(x_j) = x_j$
because of ($\rho'$ii). On the other hand, if $\zeta \in Var(\theta)$ is a variable that appears in the right-hand side of
a positive premise in the image of $\phi'$, i.e. $\zeta$ is a distribution variable, we have $\rho'(\zeta) \in DT(\Sigma)$ and then
$\rho'(\theta) \in DT(\Sigma)$. Therefore the conclusion $\rho'(g(x_1,\ldots,x_m) \xrightarrow{a} \theta)$ of $s$ has the form $g(x_1,\ldots,x_m) \xrightarrow{a} \rho'(\theta)$ as
the nxμfθ format demands.

We continue with the premises of $s$. Let $\rho'(t \xrightarrow{a} \mu)$ be a positive premise in $\rho'(\mathrm{top}(B',r,\phi'))$; then
$t \xrightarrow{a} \mu$ is a positive premise of a rule in $B'$ which does not belong to the image of $\phi'$. Then $\mu$ is such that
$\rho(\mu) = \mu$ and this implies $\rho'(\mu) = \mu$. To prove that $\rho'(t)$ is a variable there are 2 cases to investigate:

• $t \xrightarrow{a} \mu \in \mathrm{top}(B,r,\phi)$. Then $\sigma(t \xrightarrow{a} \mu) \in H$ and because $\frac{H}{c}$ is in nxμtθ format, $\sigma(t)$ is a variable.
Therefore $\sigma\rho'(t) = \sigma(t)$ and then $\rho'(t)$ is a variable.

• $t \xrightarrow{a} \mu \notin \mathrm{top}(B,r,\phi)$. Then there is a rule $b$ s.t. $\phi(b) = t \xrightarrow{a} \mu$. Since $t \xrightarrow{a} \mu$ does not belong to the
image of $\phi'$ we have that $b \notin B'$. By $B'$ and the construction of $\rho$ we have that $\rho^k(t)$ is a variable
for all $k \geq 0$. Then ($\rho'$iii) ensures that $\rho'(t)$ is a variable.

This shows that the positive premises also fulfill the requirements of the nxμfθ format.

We proceed with the quantitative premises. Let $(\theta(Y) \trianglerighteq p) \in \mathrm{qtop}(B',r,\phi')$ with $\theta \in DT(\Sigma)$. By the
same reasoning as applied for the target of the conclusion we get $\rho'(\theta) \in DT(\Sigma)$. In addition, $\rho(y) = y$
for all $y \in Y$ because they do not appear in the left-hand side of a conclusion, and hence $\rho'(y) = y$. Thus,
$\rho'(\theta(Y) \trianglerighteq p)$ has the proper form.

The syntactical restrictions for positive and quantitative premises and the conclusion are satisfied. Besides,
there is no restriction for negative premises; therefore $s$ is in nxμfθ format and then $s \in R'$.

For all positive premises $c' \in \sigma(\mathrm{top}(B',r,\phi'))$ the rule $\frac{H}{c'}$ is in nxμtθ format and it is provable in $R$ by a
proof sub-structure smaller than $(B,r,\phi)$. Thus, by induction we get that these rules are provable in $R'$.
Applying Lemma 1 on these rules and $s$ shows that $\frac{H}{c}$ is provable in $R'$. □

Definition 13. We say that a variable $x$ occurs free in a rule $r$ if it occurs in $r$ but not in the source of the
conclusion nor in $W_j$ with $\theta_j(W_j) \trianglerighteq q_j \in \mathrm{qprem}(r)$. We say that a distribution variable $\mu$ occurs free in
a rule $r$ if it occurs in $r$ but not in the target of a positive premise.

Definition 14. A PTSS $P = (\Sigma, A, R)$ is in pntree format if all rules in $R$ are well-founded nxμfθ rules
without free variables.

Lemma 9. Let $P = (\Sigma, A, R)$ be a PTSS in nxμfθ format. Then there is a PTSS $P' = (\Sigma, A, R')$ in pntree
format such that for every closed transition rule $\frac{H}{c}$ with only negative premises, $P \vdash \frac{H}{c}$ iff $P' \vdash \frac{H}{c}$.

Proof. Let $P' = (\Sigma, A, R')$ such that $R'$ is the set of provable rules from $P$ in pntree format. By Lemma 2
the right to left implication holds.

For the left to right implication we proceed by induction. Let $\frac{H}{c}$ be closed with $H$ containing negative
literals only. Let $\frac{H}{c}$ be provable from $P$, i.e. $\frac{H}{c} \in R^{\vdash}$. Then either $c \in H$, $c$ is a valid closed quantitative literal,
or there is a rule $r$ and a substitution $\rho$ such that $\rho(\mathrm{conc}(r)) = c$ and, for all premises $c' \in \rho(\mathrm{pprem}(r))$,
$\frac{H}{c'} \in R^{\vdash}$. Then $\frac{H}{c'} \in R'^{\vdash}$ either trivially or by induction.

Because $r$ is in nxμfθ format, $r$ has the form

$$\frac{\bigcup_{m\in M}\{w_m^z \xrightarrow{a_m} \mu_m^z : z \in Z\} \;\cup\; \bigcup_{n\in N}\{t_n(z) \stackrel{b_n}{\nrightarrow} : z \in Z\} \;\cup\; \{\theta_l(Y_l) \trianglerighteq_{l,k} p_{l,k} : l \in L, k \in K_l\}}{f(x_1,\ldots,x_{r(f)}) \xrightarrow{a} \theta}$$

where each $w_m^z$ is a variable in $z$.

Let $G$ be the variable dependency graph associated to $\mathrm{pprem}(r) \cup \mathrm{qprem}(r)$. From $r$, we construct a
rule $r' \in R'$ as follows. Let $\mu_m^z$ be the target of a positive premise such that there is no backward path in
$G$ from a vertex $\mu_m^z$ to some vertex $x_j \in \{x_1,\ldots,x_{r(f)}\}$. Notice that, by the symmetry requirements
in Def. 10, this happens for all $\mu_m^z$ with $z \in Z$. We first obtain a rule $r''$ by (i) replacing variables $w_m^z$
and $\mu_m^z$ by $\rho(w_m^z)$ and $\rho(\mu_m^z)$, respectively, and (ii) replacing every free variable $\zeta$ in $\theta_l$ and $\theta$ by $\rho(\zeta)$. The
resulting rule $r''$ does not have free variables and it is a substitution instance of $r$, so $r''$ is provable from
$P$. To obtain $r'$, replace each closed positive premise $\rho(w_m^z) \xrightarrow{a_m} \rho(\mu_m^z)$ by $H$. Since $w_m^z \xrightarrow{a_m} \mu_m^z$ is a positive
premise of $r$, $\frac{H}{\rho(w_m^z \xrightarrow{a_m} \mu_m^z)} \in R^{\vdash}$. Then $r'$ is also provable from $P$.

Notice that the resulting rule $r'$ is in nxμfθ format without free variables. Moreover, $r'$ is well-founded
since any dependency backward chain ends in a vertex $x_i$. Hence $r'$ is a pntree rule and therefore $r' \in R'$.

Let $p \in \mathrm{prem}(r')$. Then either $p \in H$ (and hence $p$ is closed) or $p \in \mathrm{prem}(r)$. In any case, $\frac{H}{\rho(p)} \in R'^{\vdash}$
(if $p \in \mathrm{prem}(r)$, it follows by induction). Therefore $\frac{H}{\rho(\mathrm{conc}(r'))} \in R'^{\vdash}$. Since $\rho(\mathrm{conc}(r')) = \rho(\mathrm{conc}(r)) = c$,

c 

Theorem 5. Let $P = (\Sigma, A, R)$ be a PTSS in ntμfθ/ntμxθ format. There is a PTSS $P' = (\Sigma, A, R')$ in pntree
format that is transition equivalent to $P$.

The proof of Theorem 5 follows by applying Lemmas 7, 8, 9 and 5, in that order.

Let $P$ be a stratifiable PTSS in ntμfθ/ntμxθ format and let $S$ be its stratification. If $r$ is a provable rule
from $P$, conditions (i) and (ii) in Def. 3 also hold for stratification $S$ in rule $r$. (This can be shown by
induction.) Then, $S$ is also a stratification for the PTSS $P'$ in pntree format obtained as in Theorem 5.
Since pntree rules are well-founded ntμfθ rules, from Theorems 4 and 5 we have the following corollary.

Corollary 1. If $P$ is a stratifiable PTSS in ntμfθ/ntμxθ format, $\sim$ is a congruence for all operators in $P$.

To conclude the section, we remark that negative premises cannot be reduced to variables. Following
the nomenclature of [9], we say that a rule is in simple pntree format if it is in pntree format and all its
negative premises have the form $x \stackrel{a}{\nrightarrow}$. It turns out that the pntree format (and hence also the ntμfθ/ntμxθ
format) is strictly more expressive than the simple pntree format. We will not dwell on this since the example
and rationale of the difference of expressiveness in the non-probabilistic case apply mutatis mutandis to
our case (see [9]).


6 Concluding remarks 

We introduced the rule format ntμfθ/ntμxθ, which enriches ntμfν/ntμxν [7] by allowing distribution terms
to appear in quantitative premises and conclusions of rules. We showed that it ensures that bisimulation
equivalence is a congruence for operators of well-founded PTSSs. In proving this, we corrected a
mistake introduced in [7]. The richer syntactic structure of the quantitative premises and the conclusion
of the rules allows us to define a reduction of ntμfθ/ntμxθ PTSSs to a transition equivalent PTSS consisting
of only pntree rules. This construction confirms that the well-foundedness requirement in ntμfθ/ntμxθ is
not necessary to guarantee that bisimilarity is a congruence.

We already know that the ntμfθ/ntμxθ format is equally expressive if restricted to quantitative premises
of the form $\theta(Y) \trianglerighteq q$ with $q \in [0,1] \cap \mathbb{Q}$. However, we do not know whether distribution terms are
really needed. We actually suspect that they are, and hence, that the ntμfθ/ntμxθ format is strictly more
expressive than the ntμfν/ntμxν format.

Pntree rules are nearly ruloids [5] except that negative premises may still contain non-variable terms.
The decomposition method of [4, 10] to develop modular compositional proof systems can be adapted
to pntree rules by applying the negation-as-failure semantics for the logical characterization of negative
premises of pntree rules. This will allow us to derive expressive congruence formats for probabilistic
behavioral equivalences from their logical characterization in a structured way, following the approach
of@. 

Both [7] and this work have opened a new way of thinking about probabilistic transition system
specifications. One of the nicest things is that the ntμfθ/ntμxθ format follows quite closely the structure of
non-probabilistic formats (particularly, ntyft/ntyxt). Hence, many ideas for further work can be borrowed from
the non-probabilistic setting.



References 

[1] Jos C. M. Baeten, Jan A. Bergstra & Scott A. Smolka (1995): Axiomatizing Probabilistic Processes: ACP
with Generative Probabilities. Inf. Comput. 121(2), pp. 234-255, doi:10.1006/inco.1995.1135.

[2] Falk Bartels (2002): GSOS for Probabilistic Transition Systems. Electr. Notes Theor. Comput. Sci. 65(1).

[3] Falk Bartels (2004): On Generalised Coinduction and Probabilistic Specification Formats. Ph.D. thesis,
Vrije Universiteit.

[4] Bard Bloom, Wan Fokkink & Rob van Glabbeek (2004): Precongruence formats for decorated trace semantics.
ACM TOCL 5, pp. 26-78, doi:10.1145/963927.963929.

[5] Bard Bloom, Sorin Istrail & Albert R. Meyer (1995): Bisimulation Can't be Traced. J. ACM 42(1), pp.
232-268, doi:10.1145/200836.200876.

[6] Roland Bol & Jan Friso Groote (1996): The meaning of negative premises in transition system specifications.
J. ACM 43(5), pp. 863-914, doi:10.1145/234752.234756.

[7] Pedro R. D'Argenio & Matias David Lee (2012): Probabilistic Transition System Specification: Congruence
and Full Abstraction of Bisimulation. In: FoSSaCS, LNCS 7213, Springer, pp. 452-466,
doi:10.1007/978-3-642-28729-9_30.

[8] Wan Fokkink (1997): Unification for infinite sets of equations between finite terms. Information Processing
Letters 62(4), pp. 183-188, doi:10.1016/S0020-0190(97)00063-0.

[9] Wan Fokkink & Rob J. van Glabbeek (1996): Ntyft/Ntyxt Rules Reduce to Ntree Rules. Inf. Comput. 126(1),
pp. 1-10, doi:10.1006/inco.1996.0030.

[10] Daniel Gebler & Wan Fokkink (2012): Compositionality of Probabilistic Hennessy-Milner Logic through
Structural Operational Semantics. In: Proc. CONCUR 2012, LNCS 7454, Springer, pp. 395-409.

[11] Rob J. van Glabbeek (2004): The meaning of negative premises in transition system specifications II. J. Log.
Algebr. Program. 60-61, pp. 229-258, doi:10.1016/j.jlap.2004.03.007.

[12] Rob J. van Glabbeek, Scott A. Smolka & Bernhard Steffen (1995): Reactive, Generative and Stratified
Models of Probabilistic Processes. Inf. Comput. 121(1), pp. 59-80, doi:10.1006/inco.1995.1123.

[13] Jan Friso Groote (1993): Transition system specifications with negative premises. Theor. Comput. Sci. 118(2),
pp. 263-299, doi:10.1016/0304-3975(93)90111-6.

[14] Jan Friso Groote & Frits Vaandrager (1992): Structured operational semantics and bisimulation as a
congruence. Inf. Comput. 100(2), pp. 202-260, doi:10.1016/0890-5401(92)90013-6.

[15] Bartek Klin & Vladimiro Sassone (2008): Structural operational semantics for stochastic process calculi.
In: FoSSaCS, LNCS 4962, Springer, pp. 428-442, doi:10.1007/978-3-540-78499-9_30.

[16] Ruggero Lanotte & Simone Tini (2009): Probabilistic bisimulation as a congruence. ACM Trans. Comput.
Log. 10(2), doi:10.1145/1462179.1462181.

[17] Kim Guldstrand Larsen & Arne Skou (1991): Bisimulation through Probabilistic Testing. Inf. Comput. 94(1),
pp. 1-28, doi:10.1016/0890-5401(91)90030-6.

[18] Mohammad Reza Mousavi, Michel A. Reniers & Jan Friso Groote (2007): SOS formats and meta-theory: 20
years after. Theor. Comput. Sci. 373(3), pp. 238-272, doi:10.1016/j.tcs.2006.12.019.






[19] Gordon D. Plotkin (1981): A structural approach to operational semantics. Report DAIMI FN-19, Aarhus
University, doi:10.1016/j.jlap.2004.05.001. Reprinted in J. Log. Algebr. Program., 60-61:17-139, 2004.

[20] Roberto Segala (1995): Modeling and Verification of Randomized Distributed Real-Time Systems. Ph.D.
thesis, MIT.



